How can I get a junior position in Information Assurance/Security?

I have a Bachelor of Arts and a Master of Science in Business Information Technology with specialization in Information Assurance (which, according to my college, is equivalent to the CIISP curriculum).
I find it very hard to find a job in security as they request experience. My work experience so far is Help Desk Support and recently Web Project Manager.

Suggest you work within your current employer to get an entry level position within its Information Security group. On the open market experience is almost always required. Within your organization, skills you have from the help desk and more importantly Web Project Manager may buy you some credits to get into the group.
Also, in the WPM role you may want to start building credentials in secure systems lifecycle by grabbing the initiative and building security into your web sites.
Hope this helps you and wish you good luck.


Firstly, you should know that it is not CIISP, but CISSP. Are you honestly
deep-dive into the Information Security concepts? There are plenty of
opportunities for this area and I find it strange when you say you don't find
any job.

Hi Shiva, yes I know it is CISSP, I made a lapsus. I am deep-dive in theory but as far as hands-on I don't have much practice. To be honest, from what I have seen on the Internet, I haven't found anything that can be as security junior level. Can you give some clues?

To start with, get certified by Cisco (CCNA would not merely suffice, take up
CCSP), then continue momentum with CISSP Certification, which is a bit of an
expensive affair. But, take my word, if you join the club of CISSP through
ISC2, opportunities would come searching for you. Be strong on the Security
concepts and passing the Certification would be an added advantage.

You should also make sure to read as much as you can, and go to websites with webinars and take those. As you do those, look for places to volunteer as a security admin or even as a web admin and work security into the website. Try to improve it by increasing the security posture using best practices and maybe even some federal level guidance. Put that experience on your resume, as well as the training and education and try to move up at your current employer. Look for outside positions as well, maybe within the federal or local government and keep applying. After a few months of trying, if you still have not made the move, continue with the strategies above and try again in a year.

I'm going to respectfully disagree with a majority of the advice you've received thus far.

What we really need is more information to help you plan the right entry point for yourself. What area of security are you interested in/passionate about? When you think back to your choice to get your MS and do IA as the focus - what was it that really drew you in?

The other thing I'd recommend is looking at the skills you already have. You say you've been doing help desk support and web project management? If you think in broad terms, what aspects of those two experiences might be leveraged as 'transferable skills'? If you spend some time looking through the CISSP 10 domains for instance (just as a primer) - what do you see there that you have some experience doing - either directly or indirectly? You may find that you have more experience in security than you think. This is something you should capitalize on to get your foot in the door.

You are already three steps ahead by having pursued your formal education - if you look at your current skills and how they might align with security related work, you'll be another couple of steps ahead. If you can answer the question about what really drives you towards security - what you're passionate about - then the next step is to look at the certification tracks that are most applicable. The CISSP is the obvious choice - if your experience is sufficient to qualify that is. Beyond that it's really a question of what you want to do within the infosec community.

Look me up in the people section of this website to chat a bit more - you'll see that I run a blog that is actively pursuing the question of how to break into security - and how to build a career roadmap for yourself. Plus I'll be happy to answer any additional questions you may have.

You are right, CISSP. I know there are, but they require experience. The graduate program I completed was all about theory, nothing about hands-on except creating an INFOSEC program. So, it was more about management of security rather than teaching something in real life of security. Thank you for your advice.

Once again, I have to stress the importance of "getting one's hands dirty". Certs are fine. They're wonderful. They just don't cut it in real life. It's kind of funny, but this conversation reminds me of a line that Harrison Ford said to a student in 'Indiana Jones and the Kingdom of the Crystal Skull'... "Ya gotta get out of the library!"

Right! But first you have to get past HR. And HR can't tell the difference, all they have to go on is what certs you have. When you get to the hiring manager it's the 'hands on' that counts.

We all know the manager's complaint: there aren't any good people around. Yes, it's because the HR people are filtering them out! For a variety of reasons, among which is not being able to tell experience from qualifications.

Exactly correct! You hit that ugly nail square on its head. I've always thought that HR actually meant Hilariously Ridiculous. If this helps, when I got my last gig, it wasn't because I impressed some overpaid bag of wind in HR, it was because my former employer contacted me directly. That was largely due to my putting my resume on multiple sites and also a very efficient and cordial phone interview with my soon-to-be I/T director.

All kidding aside, I wish you the very best. You do have a tough road to navigate. I might add, you should consider doing (yea..I know) Help Desk and using that as a stepping stone. You'd be amazed at how many times basic Help Desk involves security issues. Hang in there.

This is rarely the case anymore. A good HR person is not going to
ignore a person's experience and/or education. I assure you a CS degree
from MIT is going to stand out a whole lot more than any cert you may
have. A good HR person also will consult a hiring manager or technical
expert. Years ago, I did technical interviews for software development
opportunities in my development group.

I want to work in IA also. After retiring from the USN, I have since taken the IA course in the USN, A+ and Netplus. I am close to getting the Security cert 301. I have almost 6 years with GDIT (General Dynamics Information Technology).

I want to move to Corpus Christi TX and work from there. I have a BS in Marketing, but want to continue pursuing the IA field in Security. Do you think I still need the full 4 years?

The full 4 years surely would not be a disadvantage. You might consider an in-depth look at why you would choose Security. The stress levels are, to say the least, punishing. The hours can be quite long, and you would have very little time off. I'm not saying that it would be a bad choice. I am saying you should look at this field with your eyes 'wide open'. On the plus side, there are lots of 'kudos' to be had when you can intervene in a cyber-attack and effectively stop it. Likewise, when you are able to solve a network security glitch. All things considered, any position in the Security field(s) will be both demanding and rewarding, depending on your personal take. In any event, I wish you the best.

You might consider a 2+2 option where you earn a 2-year degree and an
associated IA/IS certification. You can, at that point, enter the IA/IS
field in a junior position or continue with the remaining 2 years to a
bachelor's degree in IA/IS.

I will consider your advice and will give UOP a call. I am still in OEF for a few more months, but I will email my Alumni HQ for a shot at this position. I will have my security+ 301 cert in about another month.

I have good advice from a professional. As a Navy IT, I have been working from crypto in the vault to security at the door entrance. I know the long hours and the patience it will take to carry out the fight against cyber attacks.

Another option you can try for experience is to volunteer at your local public schools or library as a security professional. If you can help them with maintaining the security of their computers, that is tangible and direct experience you can put on your resume.

There are also Open Source projects that encourage volunteer participation.
I did for LPI -- for a short period SELinux. Getting your foot in is like
exploiting a network: finding a way in will be the hard part, but once
you're in ... it's just a matter of working your way up the ladder. Or if
you have the resources, build a home network and build up a good level of
confidence and skill.